Zenbleed (CVE-2023-20593)

Опубликовано: 25 Октябрь 2024
на канале: LiveOverflow

162,564

6.3k

Let's explore the "most exciting" CPU vulnerability affecting Zen2 CPUs from AMD.
Watch part 1 about fuzzing:    • The Discovery of Zenbleed ft. Tavis O...

buy my font (advertisement): https://shop.liveoverflow.com/

This video is sponsored by Google: https://security.googleblog.com/2023/...

Original Zenbleed Writeup: https://lock.cmpxchg8b.com/zenbleed.html
Grab the code: https://github.com/google/security-re...
cvtsi2ss: https://www.felixcloutier.com/x86/cvt...
AMD Security Bulletin: https://www.amd.com/en/resources/prod...
RIDL Video:    • How The RIDL CPU Vulnerability Was Found
Tavis Ormandy:   / taviso

Chapters:
00:00 - Intro
02:27 - zenleak.asm Patterns
03:56 - The C Exploit Code
05:20 - Assembly Generation with Compiler Preprocessor
07:40 - What are XMM and YMM Registers?
11:56 - Zenbleed: Trigger Merge Optimization
14:28 - Register File & Register Allocation Table
16:39 - Register Renaming
17:55 - Speculative Execution
18:55 - vzeroupper and SSE & AVX History
21:22 - Zenbleed Explanation
23:55 - How to fix Zenbleed?

=[ ❤️ Support ]=

→ per Video:   / liveoverflow
→ per Month:    / @liveoverflow

2nd Channel:    / liveunderflow

=[ 🐕 Social ]=

→ Twitter:   / liveoverflow
→ Streaming: https://twitch.tvLiveOverflow/
→ TikTok:   / liveoverflow_
→ Instagram:   / liveoverflow
→ Blog: https://liveoverflow.com/
→ Subreddit:   / liveoverflow
→ Facebook:   / liveoverflow